前言介紹
- 這款 WordPress 外掛「VMP Security – Firewall, Malware Scan, and Login Security」是 2025-10-29 上架。
- 目前尚無安裝啟用數,是個很新的外掛。如有要安裝使用,建議多測試確保功能沒問題!
- 上一次更新是 2026-02-18,距離現在已有 7 天。
- 外掛最低要求 WordPress 5.0 以上版本才可以安裝。
- 外掛要求網站主機運作至少需要 PHP 版本 7.4 以上。
- 尚未有人給過這款外掛評分。
- 還沒有人在論壇上發問,可能目前使用數不多,還沒有什麼大問題。
外掛協作開發者
外掛標籤
2FA | firewall | security | malware scanner | brute force protection |
內容簡介
總結:VMP Fence Security 提供了一套綜合的 WordPress 安全掃描器,透過進階的多重掃描器架構,檢測惡意軟體、漏洞、可疑活動和安全威脅,保護 WordPress 網站安全。
問題與答案:
1. 這個 WordPress 安全插件提供了多少種專用的安全掃描器?
- 這個 WordPress 安全插件提供了 11 種專有的安全掃描器。
2. 列舉一些這些安全掃描器的功能?
- 例如,"Server State Scanner" 可監控伺服器配置和安全設置;"Vulnerability Scanner" 用於識別安裝的插件和主題中已知的安全漏洞;"Malware Scanner" 用於檢測惡意代碼、後門和被感染的文件等。
3. 這個安全插件如何進行惡意軟件偵測和文件掃描?
- 這個安全插件使用先進的惡意軟件簽名和基於模式的偵測技術來偵測後門和特洛伊木馬;同時,還進行文件完整性監控,比對文件與 WordPress.org 存儲庫版本,以及掃描二進制文件中的惡意代碼等。
原文外掛簡介
Advanced Firewall and Security Scanner
Tired of worrying about your WordPress site getting hacked?
VMP Security is like having a professional security team watching your website 24/7. We combine a powerful firewall, intelligent malware scanner, and advanced threat detection to keep your site safe from hackers, malware, and security vulnerabilities.
Why Choose VMP Security?
✅ Comprehensive Real-Time Protection – Advanced security features that detect and stop attacks in real-time.
✅ Easy to Use – Set it up in 5 minutes. No security degree required.
✅ Performance Optimized – Won’t slow down your site. Runs efficiently in the background.
✅ Always Up-to-Date – Our 280+ firewall rules and malware signatures are constantly updated.
✅ Complete Coverage – Firewall, malware scanner, 2FA, brute force protection, and more in one plugin.
🔥 Web Application Firewall (WAF)
Think of it as a security guard for your website.
Our firewall inspects every visitor before they reach your WordPress site. Bad guys? Blocked instantly. Legitimate visitors? They won’t even notice we’re there.
What It Protects Against:
SQL Injection – Hackers trying to steal your database
Cross-Site Scripting (XSS) – Malicious code injection
Remote File Inclusion (RFI) – Attempts to upload backdoors
Local File Inclusion (LFI) – Unauthorized file access
Command Injection – Server takeover attempts
Path Traversal – Directory browsing attacks
Key Features:
280+ Built-in Security Rules – Covering all major attack types
Zero-Day Protection – Pattern-based detection catches new threats
Attack Logging – See exactly who’s trying to hack you
Custom Rules – Add your own protection patterns
Learning Mode – Fine-tune rules based on your legitimate traffic
IP Blocking – Automatic permanent bans for repeat offenders
🚀 Extended Protection (WAF Optimizer)
Run the firewall before WordPress — stop attacks before vulnerable code can execute.
By default, the firewall loads as a WordPress plugin. Extended Protection takes it a step further by running the firewall before WordPress and all other plugins load, so malicious requests are blocked before any potentially vulnerable code has a chance to run.
Features:
Pre-WordPress Execution – Firewall processes every request before WordPress core loads
One-Click Optimization – Guided wizard to enable extended protection safely
Safe Removal – Dedicated removal wizard to revert changes cleanly
Automatic Backup – Download a backup of your server configuration before any changes
Server Auto-Detection – Automatically detects Apache or LiteSpeed and configures accordingly
Multisite Aware – Configurable from the main site of a WordPress multisite network
Protection Level Indicator – See at a glance whether basic or extended protection is active
🛡️ Brute Force Protection
Stop password guessing attacks before they succeed.
Hackers use bots to try thousands of password combinations. We stop them cold.
Features:
Smart Login Limiting – Lock out IPs after failed attempts
Invalid Username Blocking – Instant block for fake usernames
Leaked Password Detection – Check credentials against breach databases
Strong Password Enforcement – Force admins and users to use secure passwords
Username Blacklist – Block known malicious usernames instantly
Permanent Bans – Get rid of persistent attackers for good
⚡ Rate Limiting & Bot Protection
Prevent site scraping, resource exhaustion, and vulnerability scanning.
Not all attacks are malicious code. Some attackers just overwhelm your site with requests. We stop that too.
What We Control:
Request Limits – Maximum requests per IP per time period
Human vs Bot Detection – Smart classification of traffic
404 Error Monitoring – Detect scanning attempts
Google Crawler Handling – Special treatment for legitimate search engines
Throttling or Blocking – Slow down or stop violators
Allowlist Support – Whitelist your own IPs and trusted services
🌍 Country Blocking
Block entire countries from accessing your site.
Protect your WordPress site from geo-targeted attacks by blocking traffic from specific countries. Perfect for sites with regional focus or facing attacks from certain locations.
Features:
Comprehensive Geo-Blocking – Block any country by ISO code
Granular Control – Block login only or entire site access
Block Statistics – Track attempts and blocks per country
Top Attackers Report – See which countries attack you most
Temporary Blocks – Set expiration times for country blocks
Permanent Blocks – Long-term protection from persistent threats
Detailed Logging – Complete audit trail with IP, country, and request data
Attack Analytics – Visual reports showing attack patterns by country
GeoIP Integration – Automatic IP-to-country lookup with IP2Location
Auto-Updates – GeoIP database updates automatically
🎯 Custom Pattern Matching
Block threats using advanced pattern matching.
Go beyond simple IP blocking. Create sophisticated blocking rules based on hostnames, user agents, referrers, and IP ranges.
Pattern Types:
Hostname Blocking – Block specific domains or wildcard patterns
User Agent Blocking – Stop malicious bots and scrapers
Referrer Blocking – Block traffic from specific sources
IP Range Blocking – CIDR notation support for network blocks
Wildcard Patterns – Flexible matching with * wildcards
Regex Support – Advanced users can use regular expressions
Management Features:
Pattern Groups – Organize related patterns together
Match Statistics – Track how often patterns trigger
Active/Inactive – Enable or disable patterns without deleting
Source Tracking – Know if patterns are local or from sync service
Reason Logging – Document why each pattern was created
Match History – See when patterns last matched
🚫 Blocking Options
Centralized management for all blocking features.
Manage all your site’s blocking rules from one convenient location. Control who can access your site and how.
Features:
IP Blocking – Block individual IPs or entire IP ranges using CIDR notation
Country Blocking – Block entire countries from accessing your site
Pattern Blocking – Create custom blocking rules based on hostnames, user agents, and referrers
Temporary Blocks – Set time-limited blocks that expire automatically
Permanent Blocks – Long-term protection from persistent threats
Block Statistics – See what’s being blocked and why with detailed analytics
Allowlist Management – Whitelist trusted IPs and services to bypass all blocks
Unified Dashboard – Manage all blocking types in one place
🔐 Two-Factor Authentication (2FA)
Add an extra layer of security to your WordPress login.
Even if someone steals your password, they can’t get in without the second factor.
Features:
QR Code Setup – Easy configuration with any authenticator app
Backup Codes – Never get locked out of your own site
User Management – Force 2FA for admins or specific roles
Frontend 2FA Management – Users can manage their own 2FA settings
Email Notifications – Get notified when 2FA is enabled/disabled
Shortcode Support – Add 2FA controls anywhere on your site
XML-RPC Protection – Require 2FA for XML-RPC requests
WooCommerce Integration – Secure your online store checkout
🔍 Advanced Malware Scanner
Multiple specialized scanners working together to find threats.
We don’t just look for known malware. Our intelligent scanner detects suspicious patterns, unauthorized changes, and hidden backdoors.
Our Security Scanners:
Malware Scanner – Detects backdoors, trojans, and malicious code from our 40,000+ malware scanner
File Integrity Monitor – Compares files against official WordPress versions
Vulnerability Scanner – Identifies security flaws in plugins and themes
User Security Scanner – Finds suspicious admin accounts
Content Safety Scanner – Analyzes posts/comments for malicious content
Public Files Scanner – Detects exposed configuration files
Server State Scanner – Monitors server security settings
Binary Scanner – Checks images and executables for embedded malware
Domain Reputation Scanner – Verifies URLs against threat databases
Scan Types:
Quick Scan – Critical files only (2-5 minutes)
Standard Scan – Balanced coverage (6-12 minutes)
High Sensitivity Scan – Complete site analysis (10-25 minutes)
Custom Scan – Choose exactly what to scan
🚨 Advanced Threat Detection
Advanced pattern matching and behavioral analysis.
Intelligent Detection:
Pattern Analysis – Detects obfuscated and encrypted malware
Behavior Analysis – Identifies suspicious file operations
Reputation Checking – Validates URLs against Google Safe Browsing
Legitimacy Assessment – Distinguishes real threats from false positives
Unknown File Detection – Flags files that shouldn’t be there
Password Breach Checking – Scans for compromised credentials
📊 Live Traffic Monitor & Event Tracking
See exactly what’s happening on your site in real-time.
Features:
Real-Time Traffic View – Watch visitors and attacks as they happen
Event Logging – Complete audit trail of security events
Attack Statistics – Visual dashboards showing threats over time
IP Intelligence – WHOIS lookup and IP reputation checking
Human vs Bot Tracking – Classify and analyze traffic patterns
Export Capabilities – Download logs and reports for analysis
🎛️ Easy-to-Use Dashboard
All your security in one place. No tech degree required.
What You Get:
Security Status – Green, yellow, or red. Know your status at a glance
Recent Attacks – See who’s trying to hack you
Scan Results – Detailed reports with clear action items
Firewall Status – Protection levels and rule statistics
One-Click Actions – Block IPs, ignore false positives, repair files
Scheduled Scans – Set it and forget it
⚙️ Advanced Features for Power Users
Need more control? We’ve got you covered.
Custom Firewall Rules – Write your own protection patterns
File Exclusions – Skip certain directories or file types
Performance Tuning – Adjust memory limits and timeouts
API Integrations – Google Safe Browsing, IP reputation databases
IPv4/IPv6 Support – Dual-stack or IPv4-only mode
Multisite Compatible – Works perfectly with WordPress networks
Developer Friendly – Hooks and filters for customization
Sync Service – Central management for multiple sites
🔒 Privacy & Your Data
Your site data and scan results stay on your server. Optional features like settings export use secure cloud storage.
What We DON’T Do:
❌ We don’t send your file content or database data to external servers
❌ We don’t track your users
❌ We don’t collect analytics about your site
❌ We don’t send data without your knowledge
External Services (Optional):
We use external services only when necessary for specific security features. You can see exactly what’s sent:
VMP Security Servers
* License activation and validation (free/premium)
* WAF rules synchronization and updates
* Malware signature database updates
* Two-Factor Authentication (2FA) system management
* Settings export/import cloud storage(optional)
* Privacy: Your site data remains on your server – only configuration and security rules are synced
Google Services (safebrowsing.googleapis.com, www.google.com/recaptcha)
* URL threat detection and reCAPTCHA spam protection
* Privacy: https://policies.google.com/privacy
WordPress.org APIs (api.wordpress.org, downloads.wordpress.org, core.svn.wordpress.org)
* Download original files for integrity checking during malware scans
* Privacy: https://wordpress.org/about/privacy/
GitHub (raw.githubusercontent.com)
* Download WordPress core files for file comparison
IP Lookup Services (api.ipify.org, ifconfig.me, icanhazip.com, ip-api.com, ipwhois.app, download.ip2location.com)
* Server IP detection, geolocation, and country blocking features
Threat Intelligence (api.urlvoid.com, www.virustotal.com, checkurl.phishtank.com)
* URL reputation checking and threat validation
Vulnerability Databases (services.nvd.nist.gov, wpscan.com, cvedetails.com, cve.mitre.org)
* Check for known security vulnerabilities during scans
All malware scanning happens on YOUR server. We do not upload your files or database content to external services except for certain features used by the user.
🛠️ Advanced Tools
Professional-grade tools for site management and troubleshooting.
Diagnostics Tool
Comprehensive system health check to troubleshoot issues quickly.
Run 15+ diagnostic tests to verify your site’s security configuration and identify potential problems:
Plugin Status – Check if VMP Security is working correctly
File Permissions – Verify read/write access to critical directories
Connectivity Tests – Ensure your site can communicate with security services
Time Sync – Verify server time is accurate for security features
WordPress Health – Complete audit of WordPress configuration
Plugins & Themes – View all installed plugins and themes with versions
Scheduled Tasks – Monitor cron jobs to ensure scans run on time
PHP Environment – Check PHP version and required extensions
Firewall Status – Verify WAF is protecting your site
Settings Export/Import
Backup and migrate your security configuration easily.
Cloud-based configuration backup and migration using secure tokens:
Generate Export Token – Upload settings to VMP server and receive a unique token
Cloud Storage – Your settings are securely stored on VMP servers
Easy Import – Use the token to download settings on any site
Site Migration – Quickly migrate security settings between sites
Configuration Backup – Keep your settings safe in the cloud
Flexible Import – Choose to merge with or replace existing settings
各版本下載點
- 方法一:點下方版本號的連結下載 ZIP 檔案後,登入網站後台左側選單「外掛」的「安裝外掛」,然後選擇上方的「上傳外掛」,把下載回去的 ZIP 外掛打包檔案上傳上去安裝與啟用。
- 方法二:透過「安裝外掛」的畫面右方搜尋功能,搜尋外掛名稱「VMP Security – Firewall, Malware Scan, and Login Security」來進行安裝。
(建議使用方法二,確保安裝的版本符合當前運作的 WordPress 環境。
1.0.0 | 2.0.0 | 2.1.0 | 2.1.1 | 2.1.2 | 2.2.0 | 2.2.1 | 2.2.2 | 2.2.3 | 2.2.4 | trunk |
延伸相關外掛(你可能也想知道)
Security Optimizer – The All-In-One Protection Plugin 》透過精心挑選且易於配置的功能,SiteGround Security 外掛提供了您所需的一切來保護您的網站並預防多種威脅,例如暴力破解攻擊、登錄錯誤、資料外洩等等。, ...。
MalCare WordPress Security Plugin – Malware Scanner, Cleaner, Security Firewall 》at Is MalCare Security Services?, MalCare Security Services 是一款 WordPress 網站的安全外掛程式。★★★★★, 這款 WordPress 安全外掛程式可以確保您的網站...。
Defender Security – Malware Scanner, Login Security & Firewall 》our WordPress website with Defender. This plugin offers comprehensive security features that protect against various vulnerabilities and hacks, inc...。
BulletProof Security 》WordPress 安全防護:惡意軟體掃描器、防火牆、登入安全、資料庫備份、反垃圾郵件等功能,下列為安全性功能的重點,詳細說明請參見下方 FAQ 幫助節點內的 Bul...。
Malcure Malware Shield — Removal, Repair, Monitor 》最佳的 WordPress 感染清理外掛。掃描整個 WordPress 檔案和資料庫,查找惡意重新導向、病毒、惡意軟體、感染、安全威脅、特洛伊木馬、後門、dolohen、程式碼...。
Quttera ThreatSign – Web Malware Scanner for WordPress 》Quttera Web Malware Scanner 外掛可以掃描您的網站以查找惡意軟體、木馬、後門、蠕蟲、病毒、殼程式、間諜軟體及其他威脅,以及 JavaScript 代碼混淆、漏洞...。
Malware Scanner 》MALWARE SCANNER |WORDPRESS ANTI-MALWARE PROTECTION, Malware Scanner 外掛提供防 malware 保護效能,能夠偵測 WordPress 網站中的網路 malware、漏洞和其...。
RSFirewall! 》RSFirewall! WordPress外掛是保障您網站安全的最佳解決方案,幫助您預防有心者想竊取或損害您的網站。該外掛由一支專業的網站安全團隊支持,隨時掌握最新已知...。
Virusdie – One-click website security 》使用 Virusdie WordPress 外掛,輕鬆實現一鍵式網站安全防護, 歡迎使用最受期待的網站安全外掛 — Virusdie WordPress 外掛!, 簡單管理網站安全措施,例如:...。
Disable Json API, Login Lockdown, XMLRPC, Pingback, Stop User Enumeration Anti Hacker Scan 》ocklists it, and keep it safe with Anti Hacker Plugin – a comprehensive security tool that protects your WordPress site from a range of threats inc...。
WordPress Security – Firewall, Malware Scanner, Secure Login and Backup 》WORDPRESS 最受歡迎的防火牆和安全掃描器, Wp security pro 包含專門為 WordPress 創建的恶意軟件掃描器和終端防火牆。為了保障您的網站安全,我們的威脅防禦...。
BitFire Security – Firewall, WAF, Bot/Spam Blocker, Login Security 》不僅僅是掃描惡意軟體。預防其感染你的網站。, 使用安全流程來保護自己免受0-Day威脅,而非僅依賴簽名。, 感染惡意軟體嗎?, BitFire惡意軟體掃描器業界的惡...。
IP Threat Blocker 》現在已經免費擁有基本威脅阻擋器!, Musubu 的 WordPress IP 威脅阻擋外掛整合了 Musubu API 的滿貫能量,以動態篩查進入您的網站之 IP 位址的網頁安全威脅等...。
Bearmor Security 》```html, <!DOCTYPE html>, <html>, <body>, , <h2>文章總結:</h2>, <p>現在有一個 WordPress 安全外掛不會減慢您的網...。
WPMissionControl 》### 總結文案:, 使用 WPMissionControl 外掛可以提升您的 WordPress 網站維護和安全性。通過集成先進的監控系統,確保網站運行良好並保護完整性。, , ### 問...。